Securiteam

IndependentSecuriteam

SSD Advisory – OpenCart Account Takeover

Credit to Author: Maor Schwartz| Date: Sun, 26 Mar 2017 13:14:58 +0000

Vulnerability Summary: The following advisory describes an account takeover vulnerability found in OpenCart (version 2.3.0.2). OpenCart is an open-source e-commerce platform written in PHP. “Opencart is an easy to-use, powerful, Open Source online store management program that can manage multiple online stores from a single back-end.” Credit: An independent security researcher, “Ayrx”, has reported this …


SSD Advisory – Oracle Knowledge Management XXE Leading to a RCE

Credit to Author: Maor Schwartz| Date: Sun, 19 Mar 2017 08:05:05 +0000

Vulnerability Summary: The following advisory describes an information disclosure vulnerability found in Oracle Knowledge Management version 8.5.1. By enabling searches across a wide variety of sources, Oracle’s InQuira knowledge management products offer simple and convenient ways for users to access knowledge that was once hidden in the myriad systems, applications, and databases used to store enterprise content. …


SSD Advisory – SolarWinds Multiple Vulnerabilities

Credit to Author: Maor Schwartz| Date: Tue, 14 Mar 2017 07:15:01 +0000

Vulnerabilities Summary: SolarWinds Server and Application Monitor version 6.1.1 has been found to contain multiple vulnerabilities:
- Node Custom Properties Persistent XSS
- Audit Events Module Persistent XSS
- Custom “Data Source” and ‘Where Clause’ Persistent XSS
- “Build Dynamic Query Name” Persistent XSS
- Multiple Persistent XSS Vulnerabilities Via ‘Title’ field
- Application Monitor Template Persistent XSS
- NOC View Name …


SSD Advisory – Over 100K IoT Cameras Vulnerable to Source Disclosure

Credit to Author: noam| Date: Thu, 09 Mar 2017 08:34:23 +0000

Vulnerability Summary: The following advisory describes an arbitrary file content disclosure vulnerability found in the GoAhead web server. The GoAhead web server is present on multiple embedded devices, from IP cameras to printers and other embedded devices. The vulnerability allows a remote unauthenticated attacker to disclose the content of the file being accessed. As most embedded …


SSD Advisory – MuraCMS Multiple Vulnerabilities

Credit to Author: Maor Schwartz| Date: Fri, 03 Mar 2017 16:04:16 +0000

Vulnerabilities Summary: The following advisory describes two (2) vulnerabilities found in MuraCMS version 6.2. MuraCMS is an open source content management system for CFML, created by Blue River Interactive Group. Mura has been designed to be used by marketing departments, web designers and developers. The vulnerabilities found in MuraCMS are: Unauthenticated remote arbitrary code execution …


SSD Advisory – HTC Sync Remote Code Execution

Credit to Author: Maor Schwartz| Date: Mon, 27 Feb 2017 10:19:14 +0000

Vulnerabilities Summary: The following advisory describes a remote code execution (RCE) vulnerability found in HTC Sync version v3.3.63. Credit: An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor response: The vulnerability was not reported to the vendor because the product reached end of life on 31 August 2016 …


SSD Advisory – Oracle Java FTP Stream Injection

Credit to Author: Maor Schwartz| Date: Tue, 21 Feb 2017 13:51:34 +0000

Vulnerability Summary: The following advisory describes an FTP protocol stream injection vulnerability found in Oracle Java. Java is a general-purpose computer programming language that is concurrent, class-based, object-oriented, and specifically designed to have as few implementation dependencies as possible. It is intended to let application developers “write once, run anywhere” (WORA). Credit: An independent security …


SSD Advisory – HiSilicon multiple vulnerabilities

Credit to Author: Maor Schwartz| Date: Tue, 21 Feb 2017 07:44:16 +0000

Vulnerabilities Summary: The following advisory describes 2 vulnerabilities found in HiSilicon application-specific integrated circuit (ASIC) chipset firmware. HiSilicon provides ASICs and solutions for communication networks and digital media. These ASICs are widely used in over 100 countries and regions around the world. In the digital media field, HiSilicon has already released the SoC and …
